Bug 164695

Summary: misusage of arp results in "buffer overflow detected"
Product: [Fedora] Fedora Reporter: Peter Bieringer <pb>
Component: net-toolsAssignee: Radek Vokál <rvokal>
Status: CLOSED RAWHIDE QA Contact: Ben Levenson <benl>
Severity: medium Docs Contact:
Priority: medium    
Version: 4Keywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: 1.60-55 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-08-03 09:29:08 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Peter Bieringer 2005-07-30 14:45:23 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; de-DE; rv:1.7.10) Gecko/20050720 Fedora/1.0.6-1.1.fc4 Firefox/1.0.6

Description of problem:
During writing a doc I misused the arp command, unbfortunately it doesn't proper catch the misuse

Version-Release number of selected component (if applicable):
net-tools-1.60-52 on kernel 2.6.12-1.1398_FC4

How reproducible:
Always

Steps to Reproduce:
1. Execute e.g. arp -s 172.16.1.3 00:80:c8:04:05:06 -D eth0
  

Actual Results:  # arp -s 172.16.1.3 00:80:c8:04:05:06 -D eth0
*** buffer overflow detected ***: arp terminated
======= Backtrace: =========
/lib/libc.so.6(__chk_fail+0x41)[0x991565]
/lib/libc.so.6(__strcpy_chk+0x3f)[0x990bf7]
arp[0x8049694]
arp[0x804a7b6]
/lib/libc.so.6(__libc_start_main+0xc6)[0x8c7de6]
arp[0x8049271]
======= Memory map: ========
00235000-00236000 r-xp 00000000 08:01 1815442    /usr/lib/gconv/ISO8859-1.so
00236000-00238000 rwxp 00000000 08:01 1815442    /usr/lib/gconv/ISO8859-1.so
002a4000-002a5000 r-xp 002a4000 00:00 0
0078f000-00798000 r-xp 00000000 08:01 421503     /lib/libgcc_s-4.0.1-20050727.so.1
00798000-00799000 rwxp 00009000 08:01 421503     /lib/libgcc_s-4.0.1-20050727.so.1
00895000-008af000 r-xp 00000000 08:01 423881     /lib/ld-2.3.5.so
008af000-008b0000 r-xp 00019000 08:01 423881     /lib/ld-2.3.5.so
008b0000-008b1000 rwxp 0001a000 08:01 423881     /lib/ld-2.3.5.so
008b3000-009d7000 r-xp 00000000 08:01 423882     /lib/libc-2.3.5.so
009d7000-009d9000 r-xp 00124000 08:01 423882     /lib/libc-2.3.5.so
009d9000-009db000 rwxp 00126000 08:01 423882     /lib/libc-2.3.5.so
009db000-009dd000 rwxp 009db000 00:00 0
08048000-08053000 r-xp 00000000 08:01 713253     /sbin/arp
08053000-08055000 rw-p 0000a000 08:01 713253     /sbin/arp
09f9a000-09fbb000 rw-p 09f9a000 00:00 0          [heap]
b7d5c000-b7d62000 r--s 00000000 08:01 1815517    /usr/lib/gconv/gconv-modules.cache
b7d62000-b7d6e000 r--p 00000000 08:01 1784414    /usr/share/locale/de/LC_MESSAGES/net-tools.mo
b7d6e000-b7d6f000 r--p 00e39000 08:01 1753630    /usr/lib/locale/locale-archive
b7d6f000-b7daa000 r--p 00df9000 08:01 1753630    /usr/lib/locale/locale-archive
b7daa000-b7faa000 r--p 00000000 08:01 1753630    /usr/lib/locale/locale-archive
b7faa000-b7fac000 rw-p b7faa000 00:00 0
bf8a7000-bf8bc000 rw-p bf8a7000 00:00 0          [stack

Expected Results:  Proper check, no buffer overflow, displaying an error message instead

Additional info:

Proper use works
arp -s 172.16.1.3 -D eth0
Comment 1 Radek Vokál 2005-08-03 09:29:08 UTC 
Fixed